CVE-2023-49274
LOW
3,7
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none
Description
AI Translation Available
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a user enumeration attack is possible when SMTP is not set up correctly, but reset password is enabled. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0037
Percentile
0,6th
Updated
EPSS Score Trend (Last 90 Days)
200
Exposure of Sensitive Information to an Unauthorized Actor
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
Technologies:
Mobile, Not Technology-Specific, Web Based
Application
Umbraco Cms by Umbraco
Version Range Affected
From
10.0.0
(inclusive)
To
10.8.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Umbraco Cms by Umbraco
Version Range Affected
From
12.0.0
(inclusive)
To
12.3.4
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Umbraco Cms by Umbraco
Version Range Affected
From
8.0.0
(inclusive)
To
8.18.10
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-8qp8-9rpw-j46c
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-8qp8-9rpw-j46c